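<?php
/*
 * Password-reset handler for the form rendered below.
 *
 * Flow: require a logged-in session, validate the posted fields, look up the
 * target user's USERID by name, then store the new password hash in
 * AUTHENTICATE. All SQL values are passed as bind variables; the previous
 * addslashes() + string concatenation did not protect the Oracle statements,
 * because Oracle escapes a quote by doubling it, not with a backslash.
 */
session_start();

// Restrict page access: an anonymous visitor is sent back to the login page.
// NOTE(review): this only proves that *some* user is logged in. The handler
// below resets the password of whichever account is named in the form, so if
// the page is meant for administrators only, a role check belongs here. The
// session layout is not visible in this file, so none is added.
if (!isset($_SESSION['user']))
{
    header('Location:index.php');
    exit;
}

// Always defined, so the template can print it without an undefined-variable notice.
$message = '';

if (isset($_POST['changePassword']))
{
    // NOTE(review): no anti-CSRF token is checked before this state-changing
    // request. Adding one needs a matching hidden field in the form.

    // Presumably defines $connect (used below, never assigned in this file) - confirm.
    include("std_dbs.php");

    // Accept only string fields; a missing or array-valued field is treated as empty.
    $fields = array('userName' => '', 'newPassword' => '', 'confirmPassword' => '');
    foreach ($fields as $fieldName => $unused)
    {
        if (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
        {
            $fields[$fieldName] = $_POST[$fieldName];
        }
    }
    $username        = $fields['userName'];
    $password        = $fields['newPassword'];
    $confirmPassword = $fields['confirmPassword'];

    // Strict comparison: loose != treats some distinct numeric-looking strings as equal.
    if ($username === '' || $password === '' || $confirmPassword === '' || $confirmPassword !== $password)
    {
        $message = "You must fill out the form, and correctly confirm the new password!";
    }
    else
    {
        // --- Step 1: resolve the user name to a USERID ------------------------
        $id = null;

        // The original tested the query *string* against false, so a parse
        // failure was never detected; test the statement handle instead.
        $idStid = oci_parse($connect, "SELECT USERID FROM USERS WHERE USERNAME = :username");
        if ($idStid === false)
        {
            $message = "ERROR: error parsing query to get user id;";
        }
        elseif (!oci_bind_by_name($idStid, ':username', $username) || !oci_execute($idStid))
        {
            $message = "ERROR: error executing query to get user id;";
        }
        else
        {
            $idRow = oci_fetch_array($idStid, OCI_ASSOC);
            if ($idRow !== false && isset($idRow['USERID']))
            {
                $id = $idRow['USERID'];
            }
            else
            {
                // Previously an unknown user fell through to an UPDATE that
                // matched no rows and still reported success.
                $message = "ERROR: no user with that name was found;";
            }
        }
        if ($idStid !== false)
        {
            oci_free_statement($idStid);
        }

        // --- Step 2: store the new password hash ------------------------------
        if ($id !== null)
        {
            // The hash input is kept byte-identical to the previous code
            // (addslashes() applied to both values) so that existing login
            // verification keeps working - presumably the login page hashes
            // the same way; confirm.
            // NOTE(review): SHA-1 keyed only by the user name is a fast hash
            // and unsuitable for password storage. Moving to password_hash()
            // / password_verify() needs a coordinated change in the login
            // code, which is not part of this file.
            $passwordHash = sha1(sha1(addslashes($password)) . addslashes($username));

            $updated = false;
            $stid = oci_parse($connect, "UPDATE AUTHENTICATE SET PASSWORD = :pw WHERE USERID = :id");
            if ($stid !== false
                && oci_bind_by_name($stid, ':pw', $passwordHash)
                && oci_bind_by_name($stid, ':id', $id)
                && oci_execute($stid))
            {
                // oci_commit() takes the connection; the original passed the
                // statement handle.
                $updated = oci_num_rows($stid) > 0 && oci_commit($connect);
            }
            else
            {
                // Keep driver details in the server log. The original printed
                // the SQL text (which contained the new hash) and an unescaped
                // driver message to the browser.
                $e = ($stid !== false) ? oci_error($stid) : oci_error($connect);
                if (is_array($e))
                {
                    error_log("Password reset failed: " . $e['message']);
                }
            }
            if ($stid !== false)
            {
                oci_free_statement($stid);
            }

            $message = $updated
                ? "The password has been reset!"
                : "ERROR: the password could not be updated;";
        }
    }
}
?>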


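<form name='resetPassword' method='post' action='admin.php'>
<?php
    // Status text from the handler above. It is escaped on output so that no
    // value that ends up in the message can inject markup, and guarded with
    // isset() because the variable may be unset on a plain GET.
    echo isset($message) ? htmlspecialchars($message, ENT_QUOTES, 'UTF-8') : '';
?>
<table>
<tr><td>User Name:</td><td><input type='text' name='userName' /></td></tr>
<tr><td>New Password:</td><td><input type='password' name='newPassword' /></td></tr>
<tr><td>Confirm Password:</td><td><input type='password' name='confirmPassword' /></td></tr>
<tr><td><input type='submit' value='Change Password' name='changePassword'></td></tr>
</table>
</form>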



